# In this file, every section corresponds to a header file.
# A corresponding binding file will be created in $OUT_DIR.
#
# This configuration is processed by build.rs to populate `exclude` for each
# header with the types/variables/functions/enums declared for generation in
# other headers.

[nss_prelude]
types = ["SECItem", "SECItemArray", "SECItemStr", "SECStatus"]
functions = ["SECITEM_FreeItem", "SECITEM_FreeArray"]
enums = ["_SECStatus", "SECItemType"]

[nss_ssl]
types = [
    "HpkeSymmetricSuite",
    "SSLAeadContext",
    "SSLAlertDescription",
    "SSLCertificateCompressionAlgorithm",
    "SSLExtensionHandler",
    "SSLExtensionType",
    "SSLExtensionWriter",
    "SSLExtraServerCertData",
    "SSLHelloRetryRequestAction",
    "SSLHelloRetryRequestCallback",
    "SSLNamedGroup",
    "SSLProtocolVariant",
    "SSLRecordWriteCallback",
    "SSLResumptionTokenCallback",
    "SSLResumptionTokenInfo",
    "SSLSecretCallback",
    "SSLSignatureScheme",
    "SSLTimeFunc",
]
functions = [
    "SSL_AlertSentCallback",
    "SSL_AuthCertificateComplete",
    "SSL_AuthCertificateHook",
    "SSL_CipherPrefSet",
    "SSL_ConfigServerCert",
    "SSL_ConfigServerSessionIDCache",
    "SSL_DestroyResumptionTokenInfo",
    "SSL_GetChannelInfo",
    "SSL_GetExperimentalAPI",
    "SSL_GetImplementedCiphers",
    "SSL_GetNextProto",
    "SSL_GetNumImplementedCiphers",
    "SSL_GetPreliminaryChannelInfo",
    "SSL_GetResumptionTokenInfo",
    "SSL_ForceHandshake",
    "SSL_ImportFD",
    "SSL_NamedGroupConfig",
    "SSL_OptionSet",
    "SSL_OptionGetDefault",
    "SSL_PeerCertificate",
    "SSL_PeerSignedCertTimestamps",
    "SSL_PeerStapledOCSPResponses",
    "SSL_ResetHandshake",
    "SSL_SendAdditionalKeyShares",
    "SSL_SetNextProtoNego",
    "SSL_SetURL",
    "SSL_VersionRangeSet",
]
enums = [
    "HpkeAeadId",
    "HpkeKdfId",
    "SSLAuthType",
    "SSLCipherAlgorithm",
    "SSLCompressionMethod",
    "SSLContentType",
    "SSLExtensionType",
    "SSLHandshakeType",
    "SSLHelloRetryRequestAction",
    "SSLKEAType",
    "SSLMACAlgorithm",
    "SSLNamedGroup",
    "SSLNextProtoState",
    "SSLProtocolVariant",
    "SSLSecretDirection",
    "SSLSignatureScheme",
]
variables = [
    "SSL_LIBRARY_VERSION_TLS_\\d_\\d",
    "SSL_NumImplementedCiphers",
    "ssl_preinfo_.*",
]

[nss_sslopt]
variables = [
    "SSL_REQUEST_CERTIFICATE",
    "SSL_REQUIRE_CERTIFICATE",
    "SSL_NO_LOCKS",
    "SSL_ENABLE_SESSION_TICKETS",
    "SSL_ENABLE_OCSP_STAPLING",
    "SSL_ENABLE_ALPN",
    "SSL_ENABLE_EXTENDED_MASTER_SECRET",
    "SSL_ENABLE_SIGNED_CERT_TIMESTAMPS",
    "SSL_ENABLE_0RTT_DATA",
    "SSL_RECORD_SIZE_LIMIT",
    "SSL_ENABLE_TLS13_COMPAT_MODE",
    "SSL_ENABLE_HELLO_DOWNGRADE_CHECK",
    "SSL_SUPPRESS_END_OF_EARLY_DATA",
    "SSL_ENABLE_GREASE",
    "SSL_ENABLE_CH_EXTENSION_PERMUTATION",
]

[nss_ciphers]
variables = ["TLS_.*"]
exclude = [".*_(?:EXPORT(?:1024)?|anon|DES|RC4)_.*", ".*_(?:MD5|NULL_SHA)"]

[nss_secerr]
types = ["SECErrorCodes"]
enums = ["SECErrorCodes"]

[nss_sslerr]
types = ["SSLErrorCodes"]
enums = ["SSLErrorCodes"]

[nss_init]
functions = [
    "NSS_Initialize",
    "NSS_IsInitialized",
    "NSS_NoDB_Init",
    "NSS_SetDomesticPolicy",
    "NSS_Shutdown",
    "NSS_VersionCheck",
]
variables = ["NSS_INIT_READONLY", "SECMOD_DB"]

[nss_p11]
types = [
    "CERTCertificateStr",
    "CK_BBOOL",
    # "CK_ULONG", // Uncommenting this breaks nss_ssl bindings
    "CK_HKDF_PARAMS",
    "CERTCertList",
    "CERTCertListNode",
    "CK_CHACHA20_PARAMS",
    "HpkeAeadId",
    "HpkeKdfId",
    "HpkeKemId",
    "PK11AttrFlags",
    "PK11SlotListStr",
    "PK11SlotListElementStr",
    "PK11SymKeyStr",
    "SECKEYPrivateKeyStr",
]
functions = [
    "CERT_DestroyCertificate",
    "CERT_DestroyCertList",
    "CERT_GetCertificateDer",
    "NSS_SetAlgorithmPolicy",
    "PK11_AEADOp",
    "PK11_Authenticate",
    "PK11_CipherOp",
    "PK11_CreateContextBySymKey",
    "PK11_Decrypt",
    "PK11_Derive",
    "PK11_DestroyContext",
    "PK11_DigestOp",
    "PK11_DigestFinal",
    "PK11_Encrypt",
    "PK11_ExportDERPrivateKeyInfo",
    "PK11_ExtractKeyValue",
    "PK11_FindCertFromNickname",
    "PK11_FindKeyByAnyCert",
    "PK11_FreeSlot",
    "PK11_FreeSlotList",
    "PK11_FreeSymKey",
    "PK11_GenerateKeyPairWithOpFlags",
    "PK11_GetNextSymKey",
    "PK11_GetSymKeyNickname",
    "PK11_GenerateKeyPair",
    "PK11_GenerateRandom",
    "PK11_GetAllTokens",
    "PK11_GetBlockSize",
    "PK11_GetInternalKeySlot",
    "PK11_GetInternalSlot",
    "PK11_GetKeyData",
    "PK11_GetMechanism",
    "PK11_GetTokenName",
    "PK11_HashBuf",
    "PK11_HPKE_Deserialize",
    "PK11_HPKE_ExportSecret",
    "PK11_HPKE_GetEncapPubKey",
    "PK11_HPKE_DestroyContext",
    "PK11_HPKE_NewContext",
    "PK11_HPKE_Open",
    "PK11_HPKE_Seal",
    "PK11_HPKE_SetupR",
    "PK11_HPKE_SetupS",
    "PK11_HPKE_Serialize",
    "PK11_HPKE_ValidateParameters",
    "PK11_ImportDataKey",
    "PK11_ImportDERPrivateKeyInfoAndReturnKey",
    "PK11_ImportPublicKey",
    "PK11_ImportSymKey",
    "PK11_ListFixedKeysInSlot",
    "PK11_PubDeriveWithKDF",
    "PK11_ReadRawAttribute",
    "PK11_ReferenceSlot",
    "PK11_ReferenceSymKey",
    "PK11_SetSymKeyNickname",
    "PK11_SignWithMechanism",
    "PK11_TokenKeyGenWithFlags",
    "PK11_VerifyWithMechanism",
    "PK11_WrapPrivKey",
    "SECITEM_AllocItem",
    "SECITEM_ReallocItemV2",
    "SECKEY_CopyPrivateKey",
    "SECKEY_CopyPublicKey",
    "SECKEY_DecodeDERSubjectPublicKeyInfo",
    "SECKEY_DestroyPrivateKey",
    "SECKEY_DestroyPublicKey",
    "SECKEY_DestroySubjectPublicKeyInfo",
    "SECKEY_ExtractPublicKey",
    "SECKEY_ConvertToPublicKey",
    "SECOID_FindOIDByTag",
]
enums = [
    "HpkeAeadId",
    "HpkeKdfId",
    "HpkeKemId",
    "PK11ObjectType",
    "PK11Origin",
    "SECOidTag",
]
opaque = ["PK11ContextStr", "PK11SlotInfoStr", "SECKEYPublicKeyStr"]
variables = [
    "AES_BLOCK_SIZE",
    "PK11_ATTR_EXTRACTABLE",
    "NSS_USE_ALG_IN_SSL_KX",
    "PK11_ATTR_INSENSITIVE",
    "PK11_ATTR_PRIVATE",
    "PK11_ATTR_TOKEN",
    "PK11_ATTR_PUBLIC",
    "PK11_ATTR_SENSITIVE",
    "PK11_ATTR_SESSION",
    "KU_ALL",
    "SEC_ASN1_OBJECT_ID",
    "SHA256_LENGTH",
    "SHA384_LENGTH",
    "SHA512_LENGTH",
    "SHA3_256_LENGTH",
    "SHA3_384_LENGTH",
    "SHA3_512_LENGTH",
    "CKA_DERIVE",
    "CKA_ENCRYPT",
    "CKA_DECRYPT",
    "CKA_NSS_MESSAGE",
    "CKG_GENERATE_COUNTER_XOR",
    "CKG_NO_GENERATE",
    "CKM_AES_GCM",
    "CKM_CHACHA20_POLY1305",
    "CKF_DECRYPT",
    "CKF_DERIVE",
    "CKF_ENCRYPT",
    "CKM_EC_KEY_PAIR_GEN",
    "CK_INVALID_HANDLE",
    "CKF_HKDF_SALT_NULL",
    "CKF_HKDF_SALT_DATA",
    "CKM_HKDF_DERIVE",
    "CKM_HKDF_DATA",
    "CKM_SHA256",
    "CKM_SHA384",
    "CKM_SHA512",
    "CKM_SHA256_HMAC",
    "CKM_SHA384_HMAC",
    "CKM_SHA512_HMAC",
    "CKM_AES_KEY_GEN",
    "CKM_ECDSA",
    "CKM_EDDSA",
]

[nspr_err]
variables = ["PR_.*_ERROR"]

[nspr_error]
types = ["PRErrorCode"]
functions = ["PR_ErrorToName", "PR_ErrorToString", "PR_GetError", "PR_SetError"]
variables = ["PR_LANGUAGE_I_DEFAULT"]

[nspr_io]
types = [
    "PRFileDesc",
    "PRFileInfo",
    "PRFileInfo64",
    "PRFilePrivate",
    "PRIOMethods",
    "PRIOVec",
    "PRSeekFN",
    "PRSeek64FN",
]
functions = ["PR_Close", "PR_CreateIOLayerStub", "PR_GetUniqueIdentity"]
variables = ["PR_AF_INET"]
# opaque is for the stuff we don't plan to use, but we need for function signatures.
opaque = ["PRFileInfo", "PRFileInfo64", "PRFilePrivate", "PRIOVec"]
enums = ["PRDescType", "PRStatus", "PRSeekWhence"]

[nspr_time]
types = ["PRTime"]
functions = ["PR_Now"]